how to take a table name from a text box!
-
hi i designed my form as textbox, button now in the buttonclick event i wrote a code which is as follows! try { string constr = "User Id = scott;Password=tiger;Provider=Msdaora.1"; OleDbConnection con = new OleDbConnection(constr); con.Open(); MessageBox.Show(" Connected to ORACLE!"); string q = "create table pert(enum number,ename varchar2(10),sal number)"; OleDbCommand cmd = new OleDbCommand(q, con); cmd.ExecuteNonQuery(); MessageBox.Show("Table Created!"); } catch (OleDbException a) { MessageBox.Show(a.Message); } now in the string q how do i add a textbox1.text so that while running my program i give the table name dynamically instead of statistically mentioning the table name as shown in the string q.
Try the following:
string q = "create table " + Textbox1.text + "(enum number,ename varchar2(10),sal number)";
a better way (cleaner and easily readable) of doing it would be to use a local string variable to store the table name from the text box and concatenate the string using that variable.
string temp = Textbox1.Text;
string q = "create table "+temp+ " (enum number,ename varchar2(10),sal number)"; -
Try the following:
string q = "create table " + Textbox1.text + "(enum number,ename varchar2(10),sal number)";
a better way (cleaner and easily readable) of doing it would be to use a local string variable to store the table name from the text box and concatenate the string using that variable.
string temp = Textbox1.Text;
string q = "create table "+temp+ " (enum number,ename varchar2(10),sal number)";:thumbsdown::thumbsdown:
Luc Pattyn [My Articles] Nil Volentibus Arduum
-
Try the following:
string q = "create table " + Textbox1.text + "(enum number,ename varchar2(10),sal number)";
a better way (cleaner and easily readable) of doing it would be to use a local string variable to store the table name from the text box and concatenate the string using that variable.
string temp = Textbox1.Text;
string q = "create table "+temp+ " (enum number,ename varchar2(10),sal number)";hi AHSAN111! thanks for the reply mate! the first and the second parts that u explained are working fine for me! this is how my new code looks like! try { string constr = "User Id = scott;Password=tiger;Provider=Msdaora.1"; OleDbConnection con = new OleDbConnection(constr); con.Open(); MessageBox.Show(" Connected to ORACLE!"); string g = textBox1.Text; string q = "create table " +g+ "(enum number,ename varchar2(10),sal number)"; OleDbCommand cmd = new OleDbCommand(q, con); cmd.ExecuteNonQuery(); MessageBox.Show("Table Created!"); }
-
:thumbsdown::thumbsdown:
Luc Pattyn [My Articles] Nil Volentibus Arduum
-
hi AHSAN111! thanks for the reply mate! the first and the second parts that u explained are working fine for me! this is how my new code looks like! try { string constr = "User Id = scott;Password=tiger;Provider=Msdaora.1"; OleDbConnection con = new OleDbConnection(constr); con.Open(); MessageBox.Show(" Connected to ORACLE!"); string g = textBox1.Text; string q = "create table " +g+ "(enum number,ename varchar2(10),sal number)"; OleDbCommand cmd = new OleDbCommand(q, con); cmd.ExecuteNonQuery(); MessageBox.Show("Table Created!"); }
that is bad code, it is open for SQL injection, people can type anything they like in the TextBox and make your program execute it. I already told you precautions had to be taken against it, using a uneditable ComboBox rather than a TextBox is one way of doing just that. :)
Luc Pattyn [My Articles] Nil Volentibus Arduum
-
IMO the answer holds two parts: 1. don't use a TextBox, use a ComboBox (with ComboBoxStyle.DropDownList) presenting the allowable table names. 2. then perform string concatenation to build the SQL statement. :)
Luc Pattyn [My Articles] Nil Volentibus Arduum
the dropdown list would eliminate the facility of having tablenames according to user choices. This IMO is essential if we are dealing with a SQL Parser or a simillar application, or a situation where we need user-specified entity names in the database. We can use a textbox and employ reguler expressions / validation controls in order to eliminate the possibility of an incorrect tablename.
-
I disliked very much however I did not downvote. Your code would not compile. And it is flawed, see my other posts in this thread. :|
Luc Pattyn [My Articles] Nil Volentibus Arduum
-
the dropdown list would eliminate the facility of having tablenames according to user choices. This IMO is essential if we are dealing with a SQL Parser or a simillar application, or a situation where we need user-specified entity names in the database. We can use a textbox and employ reguler expressions / validation controls in order to eliminate the possibility of an incorrect tablename.
Something needs to be done to protect against abuse. Validation is one way, yes. :)
Luc Pattyn [My Articles] Nil Volentibus Arduum
-
that is bad code, it is open for SQL injection, people can type anything they like in the TextBox and make your program execute it. I already told you precautions had to be taken against it, using a uneditable ComboBox rather than a TextBox is one way of doing just that. :)
Luc Pattyn [My Articles] Nil Volentibus Arduum
ooh! but if i use comboboxstyle with allowable table names! the whole purpose of what i wanted would not be served! is there any way by which it can be done! ? but thank u very much for the suggestion mate! am seriously learning a lot from this!
-
ooh! but if i use comboboxstyle with allowable table names! the whole purpose of what i wanted would not be served! is there any way by which it can be done! ? but thank u very much for the suggestion mate! am seriously learning a lot from this!